In June, I submitted 10 vulnerabilities to 1 program on HackerOne. #TogetherWeHitHarder hackerone.com/last-month

This.

This stuff makes me feel better about the shit i'm reporting hackerone.com/reports/1165900

Just demonstrated 300k+ users PII including email and physical address to a program HackerOne using data from Internet Archive. This bug affects every single user on the program. Estimating it to be in millions.

Its shocking to see that same bug got assigned different CVSS by different HackerOne triage team over the span of 2 years. And surprisingly, the program never gave a thought of reassessing the cvss.

Finally, here is the blog for the prototype pollution research we did. "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild pwn.af/research/pp

Stay safe Pudgy Penguins holders. Seems like a new scam website. Using a similar username and domain as official one.

We are excited to release our new security bot with a host of never before seen features that allow you to not only secure your discord to new heights but also customise to suit your specific needs.

Web 2 with 9x emmy award winning studio, 2 games in development enters web 3 and gets Fudded hard. Meanwhile some owls enter and is about the flip the web 2 in a day. “Mass adoption is coming Bruh”

My Immunefi #ImmunefiWrapped for 2023. Quite happy with part-time work. The total bounty consists only from web apps bugs. I need to start looking for Smart Contracts bugs for better outcome.

This was one of my favorite findings in the Ordinals Explorer. The issue is now fixed and live. Full postmortem coming soon with a deep dive into all affected programs.

Happy New Year. Hope this year brings more of what you’re working toward.